CVE-2025-66561

7.3 HIGH

📋 TL;DR

SysReptor versions before 2025.102 have a stored XSS vulnerability where authenticated users can upload malicious JavaScript files through the web UI. This allows attackers to execute arbitrary JavaScript in the context of other logged-in users, potentially compromising their sessions and data. Only authenticated users can exploit this vulnerability.

💻 Affected Systems

Products:
  • SysReptor
Versions: All versions prior to 2025.102
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Requires authenticated user access to exploit; affects web UI file upload functionality.

⚠️ Risk & Real-World Impact

🔴 Worst Case: An authenticated malicious user could steal session cookies, perform actions as other users, exfiltrate sensitive data, or deploy malware to victim browsers.

🟠 Likely Case: Attackers with valid credentials could hijack sessions of other users, potentially accessing sensitive pentest reports and data.

🟢 If Mitigated: With proper access controls and monitoring, impact is limited to potential session hijacking within the application scope.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires authenticated access but is straightforward once credentials are obtained.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 2025.102

Vendor Advisory: https://github.com/Syslifters/sysreptor/security/advisories/GHSA-64vw-v5c4-mgvm

Restart Required: Yes

Instructions:

1. Backup your SysReptor instance.
2. Update to version 2025.102 or later.
3. Restart the SysReptor service.
4. Verify the update was successful.

🔧 Temporary Workarounds

Disable file uploads (applies to: all)
  • Temporarily disable file upload functionality in the SysReptor web UI
  • Modify the SysReptor configuration to restrict file uploads

Implement WAF rules (applies to: all)
  • Add web application firewall rules to block malicious JavaScript uploads
  • Configure the WAF to block suspicious file uploads with JavaScript content

🧯 If You Can't Patch

  • Implement strict access controls and monitor for suspicious file uploads
  • Use Content Security Policy (CSP) headers to restrict script execution

🔍 How to Verify

Check if Vulnerable:

Check SysReptor version; if below 2025.102, the system is vulnerable.

Check Version:

Check SysReptor web interface or configuration files for version information

Verify Fix Applied:

Verify version is 2025.102 or later and test file upload functionality with JavaScript files.

📡 Detection & Monitoring

Log Indicators:

  • Unusual file uploads with JavaScript extensions
  • Multiple failed upload attempts
  • Suspicious user activity patterns

Network Indicators:

  • JavaScript file uploads to SysReptor endpoints
  • Unusual outbound connections from SysReptor server

SIEM Query:

source="sysreptor" AND (event="file_upload" AND file_extension="js")
